February 20, 2002 01:20 PM

Optimize GPO-Processing Performance

Windows IT Pro
InstantDoc ID #23831
Tweak settings and infrastructure to give performance a push
If you've deployed Active Directory (AD), you know the benefits that it brings to your Windows environment. Among these benefits is the use of Group Policy Objects (GPOs)—powerful tools for managing your Windows 2000 servers and your Windows XP and Win2K workstations. As with any technology, however, too much of a good thing can hurt your systems' performance. You can link GPOs to multiple levels of your ...


I created an account / I subscribe to this magazine. It won't let me view an article online.
junk.............

Tom 9/13/2006 10:01:55 AM


Hello, I am an OU admin at a large University, where Domain admins have placed all users in a users container on the root of the domain. To me the user accounts are unmovable. I want to apply a folder redirection GPO in my OU for ~25 users. I've created a security group in my OU for my users, and created a GPO and ACL'd it for that group. I know you can't apply GPOs to security groups and then have that apply to the users contained in the groups. The domain admins have denied requests to place my security group ACL'd GPO on the root of the domain. Basically it boils down to how can I apply Group Policy in my OU when the User accounts are all located above my OU? If that can't be done simply, how would performance behave if there were multiple ACL'd GPOs in the root of the domain? (Their excuse for not putting my GPO on the root is that logon times will increase exponentially when everybody wants to put their OU GPOs on root.) If there were 15, 30, 60, or 100 GPOs on the root of the domain how would logon times be affected for my 25 users with one GPO, that I limited access to through ACLs for just my 25 users?

Todd Mote 4/7/2003 11:44:45 AM


I read Darren Mar-Elia's "Optimize GPO-Processing Performance" (March 2002, InstantDoc ID 23831) and was wondering whether you have any advice about my company's situation. We're converting users from Novell Directory Services (NDS) to Active Directory (AD). We have a fairly extensive Novell script that maps drives and printers based on group membership. I was thinking about using Group Policy Objects (GPOs) to do the same thing: I'd create a GPO for every mapped drive and printer, and I'd give only the appropriate groups the right to run Apply group policy for each policy in question. Would this process cause less or more overhead than writing one script that all users would run to map drives and printers?



----------------------------------------------



The answer depends on how many drive and printer mappings you're talking about. In general, I think you'll have less overhead and a more scalable solution if you perform group membership testing within one or a few GPO-based logon scripts than if you have a GPO for every possible drive or printer requirement that comes up. In terms of performance, checking group membership in AD isn't that expensive. You could even take a middle road. For example, if you know that only certain groups of users will be processing a GPO linked to a particular organizational unit (OU), you can test for only those user groups within that GPO.

--Darren Mar-Elia


Paul Zelmer 5/8/2002 2:52:54 PM



Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.